Phorum Vulnerabilities

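Vulnerability ID: 1052864
Vulnerability type:
Published: 2007-10-25
Updated: 2007-10-25
CVE IDs: CVE-2003-1465, CVE-2003-1466, CVE-2003-1467, CVE-2003-1486, CVE-2003-1487
CNNVD-ID: N/A
Platform: N/A
CVSS score: N/A
Source: https://cxsecurity.com/issue/WLB-2007100109
Vulnerability details: Vulnerability details have not yet been disclosed.
Exploit: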


Phorum.org have acknowledged the flaws below and have released version 3.4.3 which corrects them.

1) The Phorum download program (download.php) is vulnerable to a directory traversal attack and can be used to read arbitrary files from anywhere within the root directory - with the permissions of the web service account.

2) The Phorum registration program (register.php) is vulnerable to three flaws.

i) The Phorum registration program (register.php) fails to properly filter an input variable - and is vulnerable to a cross site scripting attack.

ii) The Phorum registration program (register.php) can be used to perform proxy attacks against other sites.

iii) If an existing user is chosen (say admin), the registration page is redisplayed with the existing Phorum input variables; if cross site scripting attacks are entered, these are redisplayed.

3) The Phorum login program (login.php) is vulnerable to two flaws.

i) The Phorum login program fails to properly filter an input variable - and is vulnerable to a cross site scripting attack.

ii) The Phorum login program can be used to perform proxy attacks against other sites.

4) The Phorum Post program (post.php) is vulnerable to a cross site scripting attack.

i) The Phorum post.php program fails to properly filter an input variable - and is vulnerable to a cross site scripting attack.

5) Multiple Phorum admin programs are vulnerable to remote command injection attacks - by not filtering variables entered during the registration process.

This flaw allows malicious remote users to modify the Phorum configuration by injecting commands, as the Phorum interface is web driven.

i) The Phorum UserAdmin program is vulnerable to command injection.

ii) The Phorum Edit user profile is also vulnerable to command injection.

iii) The Phorum stats program is also vulnerable to this attack.

6) Many Phorum programs inadvertently disclose the webroot when called incorrectly.

smileys.php
quick_listrss.php
purge.php
news.php
memberlist.php
forum_listrss.php
forum_list_rdf.php
forum_list.php
move.php

7) The Phorum common program (common.php) is vulnerable to cross site scripting.

The Phorum common.php program fails to properly filter an input variable - and is vulnerable to a cross site scripting attack.

**********************************************

ProCheckUp, as requested by Phorum, have not released full details of our discovered vulnerabilities. We understand how important full exploit code can be to pen testers - and will fully release this in 30 days, thus giving Phorum administrators time to update.

**********************************************

ProCheckUp. Changing the future of penetration testing.

www.procheckup.com